Studio shows “Error: Failed to validate the Central Configuration Service location. You do not have sufficient permissions to administer this Site using Studio.”

Procedure:

1. Use the following PowerShell commands to find the SID of the user account currently in use on the machine where Studio is installed:

$objUser = New-Object System.Security.Principal.NTAccount(“<DomainUserName>”)

$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])

$strSID.Value


2. Perform below steps on the server hosting the Site database to find the all the Administrator SIDs:

– Open SQL Management studio >> Connect to SQL server instance

– Expand Databases>> [SiteDatabase] >> Tables >> DAS.Administrators

– Right click on DAS.Administrators > Select Top 1000 Rows.

This will display the SIDs of all the Administrator objects configured for the Site. The results might look something like below. It might be handy to copy these SIDs to a text file.

2. Check if the SID found in step 1 matches with the one of SID(s) contained in the DAS.Administrator table of the XenApp/XenDesktop Site Database in the SQL server.

  • If the SID from step 1 is not found, then it means that the user account currently in use on the machine where Studio is installed is not a Citrix Administrator account and does not have sufficient permissions to administer the Citrix Virtual Apps and Desktops Site using Studio. In that case you need to login in the server with a user account that is a Citrix Administrator. See step 3 below to identify the accounts associated with the other SIDs.
  • If the SID is found, there are two possible causes of the error. One possible cause is that the account is corrupted. A more likely cause is that one of the other accounts is corrupted or has been deleted from Active Directory.

3. Check that each one of the listed SIDs exists in Active Directory and identify the Name of the account. Pay particular attention to the SID with Id 1. One way to do this is to use this query in an elevated PowerShell ISE session, substituting in each one of the SIDs from the list:

$objSID = New-Object System.Security.Principal.SecurityIdentifier ` ("<SID in question>") $objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) $objUser.Value

The output should look something like this:

  • Check each SID. If you get a result like "There is no such object on the server" make a note of this SID. It will need to be deleted.

4. If you have found a corrupt account or a missing account, you will have to delete the SID.

Look at the list of SIDs and find the ID number in the column to the left of the SID that is corrupt or missing.

In our example, the ID of "S-1-5-21-2478182230-2469894656-543321374-1631" is 29.

- Open SQL Management studio >> Connect to SQL server instance

- Expand Databases. Right click on the Site database and choose 'New Query'.

- Paste the query in the new window:

Delete From DAS.Administrators Where ID = <ID>

- Select "Query" from the menu bar and choose "SQLCMD Mode".

- Execute the query (Press F5 or click on Execute) Sample of a successful action:

5. Verify that the SID is gone from the DAS.Administrators table. Right click DAS.Administrators table and choose Top 1000. Inspect the results.

According to the actual cause of the issue, you might need to reboot the Delivery Controller to see the results of the cleaned up DAS Administrators table.

Related:

  • No Related Posts

Studio shows “Error: Failed to validate the Central Configuration Service location. You do not have sufficient permissions to administer this Site using Studio.”

Procedure:

1. Use the following PowerShell commands to find the SID of the user account currently in use on the machine where Studio is installed:

$objUser = New-Object System.Security.Principal.NTAccount(“<DomainUserName>”)

$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])

$strSID.Value


2. Perform below steps on the server hosting the Site database to find the all the Administrator SIDs:

– Open SQL Management studio >> Connect to SQL server instance

– Expand Databases>> [SiteDatabase] >> Tables >> DAS.Administrators

– Right click on DAS.Administrators > Select Top 1000 Rows.

This will display the SIDs of all the Administrator objects configured for the Site. The results might look something like below. It might be handy to copy these SIDs to a text file.

2. Check if the SID found in step 1 matches with the one of SID(s) contained in the DAS.Administrator table of the XenApp/XenDesktop Site Database in the SQL server.

  • If the SID from step 1 is not found, then it means that the user account currently in use on the machine where Studio is installed is not a Citrix Administrator account and does not have sufficient permissions to administer the Citrix Virtual Apps and Desktops Site using Studio. In that case you need to login in the server with a user account that is a Citrix Administrator. See step 3 below to identify the accounts associated with the other SIDs.
  • If the SID is found, there are two possible causes of the error. One possible cause is that the account is corrupted. A more likely cause is that one of the other accounts is corrupted or has been deleted from Active Directory.

3. Check that each one of the listed SIDs exists in Active Directory and identify the Name of the account. Pay particular attention to the SID with Id 1. One way to do this is to use this query in an elevated PowerShell ISE session, substituting in each one of the SIDs from the list:

$objSID = New-Object System.Security.Principal.SecurityIdentifier ` ("<SID in question>") $objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) $objUser.Value

The output should look something like this:

  • Check each SID. If you get a result like "There is no such object on the server" make a note of this SID. It will need to be deleted.

4. If you have found a corrupt account or a missing account, you will have to delete the SID.

Look at the list of SIDs and find the ID number in the column to the left of the SID that is corrupt or missing.

In our example, the ID of "S-1-5-21-2478182230-2469894656-543321374-1631" is 29.

- Open SQL Management studio >> Connect to SQL server instance

- Expand Databases. Right click on the Site database and choose 'New Query'.

- Paste the query in the new window:

Delete From DAS.Administrators Where ID = <ID>

- Select "Query" from the menu bar and choose "SQLCMD Mode".

- Execute the query (Press F5 or click on Execute) Sample of a successful action:

5. Verify that the SID is gone from the DAS.Administrators table. Right click DAS.Administrators table and choose Top 1000. Inspect the results.

According to the actual cause of the issue, you might need to reboot the Delivery Controller to see the results of the cleaned up DAS Administrators table.

Related:

  • No Related Posts

Studio shows “Error: Failed to validate the Central Configuration Service location. You do not have sufficient permissions to administer this Site using Studio.”

Procedure:

1. Use the following PowerShell commands to find the SID of the user account currently in use on the machine where Studio is installed:

$objUser = New-Object System.Security.Principal.NTAccount(“<DomainUserName>”)

$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])

$strSID.Value


2. Perform below steps on the server hosting the Site database to find the all the Administrator SIDs:

– Open SQL Management studio >> Connect to SQL server instance

– Expand Databases>> [SiteDatabase] >> Tables >> DAS.Administrators

– Right click on DAS.Administrators > Select Top 1000 Rows.

This will display the SIDs of all the Administrator objects configured for the Site. The results might look something like below. It might be handy to copy these SIDs to a text file.

2. Check if the SID found in step 1 matches with the one of SID(s) contained in the DAS.Administrator table of the XenApp/XenDesktop Site Database in the SQL server.

  • If the SID from step 1 is not found, then it means that the user account currently in use on the machine where Studio is installed is not a Citrix Administrator account and does not have sufficient permissions to administer the Citrix Virtual Apps and Desktops Site using Studio. In that case you need to login in the server with a user account that is a Citrix Administrator. See step 3 below to identify the accounts associated with the other SIDs.
  • If the SID is found, there are two possible causes of the error. One possible cause is that the account is corrupted. A more likely cause is that one of the other accounts is corrupted or has been deleted from Active Directory.

3. Check that each one of the listed SIDs exists in Active Directory and identify the Name of the account. Pay particular attention to the SID with Id 1. One way to do this is to use this query in an elevated PowerShell ISE session, substituting in each one of the SIDs from the list:

$objSID = New-Object System.Security.Principal.SecurityIdentifier ` ("<SID in question>") $objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) $objUser.Value

The output should look something like this:

  • Check each SID. If you get a result like "There is no such object on the server" make a note of this SID. It will need to be deleted.

4. If you have found a corrupt account or a missing account, you will have to delete the SID.

Look at the list of SIDs and find the ID number in the column to the left of the SID that is corrupt or missing.

In our example, the ID of "S-1-5-21-2478182230-2469894656-543321374-1631" is 29.

- Open SQL Management studio >> Connect to SQL server instance

- Expand Databases. Right click on the Site database and choose 'New Query'.

- Paste the query in the new window:

Delete From DAS.Administrators Where ID = <ID>

- Select "Query" from the menu bar and choose "SQLCMD Mode".

- Execute the query (Press F5 or click on Execute) Sample of a successful action:

5. Verify that the SID is gone from the DAS.Administrators table. Right click DAS.Administrators table and choose Top 1000. Inspect the results.

According to the actual cause of the issue, you might need to reboot the Delivery Controller to see the results of the cleaned up DAS Administrators table.

Related:

  • No Related Posts

Studio shows “Error: Failed to validate the Central Configuration Service location. You do not have sufficient permissions to administer this Site using Studio.”

Procedure:

1. Use the following PowerShell commands to find the SID of the user account currently in use on the machine where Studio is installed:

$objUser = New-Object System.Security.Principal.NTAccount(“<DomainUserName>”)

$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])

$strSID.Value


2. Perform below steps on the server hosting the Site database to find the all the Administrator SIDs:

– Open SQL Management studio >> Connect to SQL server instance

– Expand Databases>> [SiteDatabase] >> Tables >> DAS.Administrators

– Right click on DAS.Administrators > Select Top 1000 Rows.

This will display the SIDs of all the Administrator objects configured for the Site. The results might look something like below. It might be handy to copy these SIDs to a text file.

2. Check if the SID found in step 1 matches with the one of SID(s) contained in the DAS.Administrator table of the XenApp/XenDesktop Site Database in the SQL server.

  • If the SID from step 1 is not found, then it means that the user account currently in use on the machine where Studio is installed is not a Citrix Administrator account and does not have sufficient permissions to administer the Citrix Virtual Apps and Desktops Site using Studio. In that case you need to login in the server with a user account that is a Citrix Administrator. See step 3 below to identify the accounts associated with the other SIDs.
  • If the SID is found, there are two possible causes of the error. One possible cause is that the account is corrupted. A more likely cause is that one of the other accounts is corrupted or has been deleted from Active Directory.

3. Check that each one of the listed SIDs exists in Active Directory and identify the Name of the account. Pay particular attention to the SID with Id 1. One way to do this is to use this query in an elevated PowerShell ISE session, substituting in each one of the SIDs from the list:

$objSID = New-Object System.Security.Principal.SecurityIdentifier ` ("<SID in question>") $objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) $objUser.Value

The output should look something like this:

  • Check each SID. If you get a result like "There is no such object on the server" make a note of this SID. It will need to be deleted.

4. If you have found a corrupt account or a missing account, you will have to delete the SID.

Look at the list of SIDs and find the ID number in the column to the left of the SID that is corrupt or missing.

In our example, the ID of "S-1-5-21-2478182230-2469894656-543321374-1631" is 29.

- Open SQL Management studio >> Connect to SQL server instance

- Expand Databases. Right click on the Site database and choose 'New Query'.

- Paste the query in the new window:

Delete From DAS.Administrators Where ID = <ID>

- Select "Query" from the menu bar and choose "SQLCMD Mode".

- Execute the query (Press F5 or click on Execute) Sample of a successful action:

5. Verify that the SID is gone from the DAS.Administrators table. Right click DAS.Administrators table and choose Top 1000. Inspect the results.

According to the actual cause of the issue, you might need to reboot the Delivery Controller to see the results of the cleaned up DAS Administrators table.

Related:

  • No Related Posts